Comments on: The Oracle security debatehttp://itknowledgeexchange.techtarget.com/eye-on-oracle/the-oracle-security-debate/
A SearchOracle.com blogWed, 11 Jun 2014 06:53:48 +0000hourly1By: Zahid Shaikhhttp://itknowledgeexchange.techtarget.com/eye-on-oracle/the-oracle-security-debate/#comment-1319
Tue, 08 Apr 2008 14:05:45 +0000http://eyeonoracle.blogs.techtarget.com/2008/04/01/the-oracle-security-debate/#comment-1319I think financial constraints should not be an excuse for database security. It is a DBA’s responsibility to keep security patches up to date. He needs to make sure that the organization is aware of security risks and potential risks of data loss and hacking. However, I like the idea of by Mr. Seth that software companies should take care of these security patches or any other updates to the software becuase it is very time consuming to apply these patches if you are behind with your patches.
]]>By: Sukaina Anishttp://itknowledgeexchange.techtarget.com/eye-on-oracle/the-oracle-security-debate/#comment-1318
Mon, 07 Apr 2008 18:55:02 +0000http://eyeonoracle.blogs.techtarget.com/2008/04/01/the-oracle-security-debate/#comment-1318Why are patches a must for DBAs? Can’t the database company take the responsilbility of applying patches whenever needed?
Is it not that companies developing softwares for databases should have initially taken care of securing the database? If a user needs a good database, he needs to buy it from a good database company, and the company to earn more does not gives good security options with the bundle, later sells it as patches.
If the user does not uses it he suffers or else he has to empty more from his pocket.
From these given options:
a.) poorly designed software
b.) failure to apply patches and maintain software
c.) lack of financial resources
d.) all of the above
I will strongly select (d).
Regards,
]]>By: Seth Millerhttp://itknowledgeexchange.techtarget.com/eye-on-oracle/the-oracle-security-debate/#comment-1317
Fri, 04 Apr 2008 19:10:11 +0000http://eyeonoracle.blogs.techtarget.com/2008/04/01/the-oracle-security-debate/#comment-1317It’s the same problem we have with trying convince clients to properly swap their tapes out every night to maintain a current backup of the system. If they have gone two, three or even five years without data loss, they no longer see the need to maintain their backups.

I have been trying to convince management that we are seriously lacking security on our servers, but they won’t allocate resources to patch the databases because there is no immediate need. It’s sad to say but most places won’t acknowledge their lack of security until it has already been compromised.